[pmwiki-users] Mailpost strangeness in 1.0.13

Peter Brink peter.brink at brinkdata.se
Sun Mar 20 06:59:45 CST 2005


Ok. I have not upgraded to 2.* so I don't know if this little oddity is 
fixed in the later versions of PmWiki but anyways...

Someone, who uses the username "sex pictures", is trying to edit 
PmWiki.PmWiki at my site. My site is world read-only and one needs to 
have an admin or editor password to edit. The PmWiki group can only be 
edited by admin. Obviously the attempt to edit fails and nothing shows 
up in the page history or on Main.RecentChanges. However, I use mailpost 
to send a mail notification of all new posts and the mailpost script 
sends a notification of the post as if it had succeeded. I note that 
mailpost.php (line 59 ff) does not test for authorization as HandleEdit 
or HandlePost in pmwiki.php does. I'm *guessing* that the lack of a test 
for authorization in mailpost.php is the reason for the failed edit 
being "broadcasted". Since no bad content is being added (or 
broadcasted) this is more an annoying problem than a serious one, but 
I'd like to solve it.

If I changed lines 59 - 69 in mailpost.php from:

if ($action=='post' || @$_POST['post']) {
   Lock(2);
   $fp = @fopen($MailPostsFile,"a");
   if ($fp) {
     $PostTime = strftime($MailPostsTimeFmt,$Now);
     fputs($fp,str_replace("\n",$Newline,
       FmtPageName("$Now $MailPostsItemFmt",$pagename))."\n");
     fclose($fp);
   }
   Lock(0);
}

to:

if ($action=='post' || @$_POST['post']) {
   Lock(2);
   $page = RetrieveAuthPage($pagename,"edit");
   if (!$page) {
      return;
   }
   else {
      $fp = @fopen($MailPostsFile,"a");
      if ($fp) {
         $PostTime = strftime($MailPostsTimeFmt,$Now);
         fputs($fp,str_replace("\n",$Newline,
            FmtPageName("$Now $MailPostsItemFmt",$pagename))."\n");
         fclose($fp);
      }
   }
   Lock(0);
}

would that be enough to solve the problem?

/Peter
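
A self-contained model of the change discussed in this post, as an added example that is not part of the original message and is not PmWiki code: the notification is queued only after the same authorization decision that guards the save, and the queue lock is released on every path. The function names, passwords and queue format are assumptions made for illustration.

```php
<?php
// Added example: a model of the problem, not PmWiki code.
// can_edit(), queue_notification() and handle_post() are hypothetical names.

// Constructed sample policy: pages in the PmWiki group need the admin password.
function can_edit(string $pagename, ?string $password): bool {
    $required = strncmp($pagename, 'PmWiki.', 7) === 0 ? 'admin-secret' : 'editor-secret';
    return $password !== null && hash_equals($required, $password);
}

// Append one line to the notification queue under an exclusive lock.
// The lock is released on every path, including failure.
function queue_notification(string $queueFile, string $pagename, int $now): bool {
    $fp = fopen($queueFile, 'a');
    if ($fp === false) return false;
    try {
        if (!flock($fp, LOCK_EX)) return false;
        // Strip newlines so one post can never produce two queue entries.
        $line = $now . ' ' . str_replace(["\r", "\n"], ' ', $pagename) . "\n";
        return fwrite($fp, $line) !== false;
    } finally {
        flock($fp, LOCK_UN);
        fclose($fp);
    }
}

// The notification is a side effect of a *successful* post, so it is gated
// on the same authorization decision as the save itself.
function handle_post(array $req, string $queueFile, array &$store): string {
    if (($req['action'] ?? '') !== 'post') return 'ignored';
    if (!can_edit($req['pagename'], $req['password'] ?? null)) return 'denied';
    $store[$req['pagename']] = $req['text'];
    queue_notification($queueFile, $req['pagename'], time());
    return 'saved';
}

// Constructed requests: an unauthenticated post and an authorized one.
$queue = tempnam(sys_get_temp_dir(), 'mailposts');
$store = [];
$r1 = handle_post(['action' => 'post', 'pagename' => 'PmWiki.PmWiki',
                   'text' => 'spam'], $queue, $store);
$r2 = handle_post(['action' => 'post', 'pagename' => 'PmWiki.PmWiki',
                   'text' => 'ok', 'password' => 'admin-secret'], $queue, $store);
printf("%s, %s, queued=%d\n", $r1, $r2, count(file($queue)));
unlink($queue);
```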



